﻿using IdentityModel;
using IdentityServer4;
using IdentityServer4.Models;
using IdentityServer4.Test;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;

namespace Windows.Identity.Api
{
    public class Config
    {
        //public static List<TestUser> GetUsers()
        //{
        //    return new List<TestUser>
        //    {
        //        new TestUser
        //        {
        //            SubjectId = "0",
        //            Username = "jamen",
        //            Password = "xiaofeng"
        //        }
        //    };
        //}
        /// <summary>
        /// 添加对OpenID Connect的支持
        /// </summary>
        /// <returns></returns>
        public static IEnumerable<IdentityResource> GetIdentityResources()
        {
            return new List<IdentityResource>
            {
                new IdentityResources.OpenId(), //必须要添加，否则报无效的scope错误
                new IdentityResources.Profile()
            };
        }

        /// <summary>
        /// 定义系统中的API资源
        /// </summary>
        /// <returns></returns>
        public static IEnumerable<ApiResource> GetApiResources()
        {
            return new List<ApiResource>
            {
                //new ApiResource("myapi", "myapi"),
                new ApiResource("Admin.Api", "用户服务"){
                    Scopes = {
                    new string("Admin.Api")
                    }
                },
                new ApiResource("Assistance.Api", "辅助服务")
                {
                    Scopes = {
                    new string("Assistance.Api")
                    }
                },
                new ApiResource("Attachment.Api", "文件服务")
                {
                    Scopes = {
                        new string("Attachment.Api")
                    }
                },
            };
        }

        /// <summary>
        /// 4.0版本需要添加apiscope
        /// </summary>
        /// <returns></returns>
        public static IEnumerable<ApiScope> GetApiScopes()
        {
            return new List<ApiScope>
            {
                //new ApiScope("myapi", "myapi"),
                new ApiScope("Admin.Api", "用户服务"),
                new ApiScope("Assistance.Api", "辅助服务"),
                new ApiScope("Attachment.Api", "文件服务"),
            };
        }

        // clients want to access resources (aka scopes)
        public static IEnumerable<Client> GetClients()
        {
            return new List<Client>
            {
                new Client
                {
                    ClientId = "client",
                    // 没有交互性用户，使用 clientid/secret 实现认证。
                    AllowedGrantTypes = GrantTypes.ClientCredentials,
                    // 用于认证的密码
                    ClientSecrets =
                    {
                        new Secret("secret".Sha256())
                    },
                    // 客户端有权访问的范围（Scopes）
                    AllowedScopes = { "Admin.Api", "Assistance.Api", "Attachment.Api" }
                },
                new Client
                {
                    //客户端ID名称
                    ClientId = "Windows",
                    ClientName = "Windows Client",
                    //AccessTokenLifetime = 1800,//设置AccessToken过期时间
                    //AllowOfflineAccess = true,
                    //访问类型
                    AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
                    ClientSecrets={new Secret("secret".Sha256())},
                    AllowedScopes =
                    {
                        IdentityServerConstants.StandardScopes.OfflineAccess,
                        IdentityServerConstants.StandardScopes.OpenId,
                        IdentityServerConstants.StandardScopes.Profile,
                        //"myapi",
                        "Admin.Api",
                        "Assistance.Api",
                        "Attachment.Api"
                    },
                }
            };
        }
    }
}
